About This Guide 


Novell® BorderManager™ Enterprise Edition 3.5 Installation and Setup 
provides the basic information you need to set up packet filters. 


This documentation provides the following additional information: 


° Chapter 1, “Advanced Configuration of IP Packet Filters”


This chapter describes how to set up HTTP, FTP, Telnet, SMTP, POP3, 
and DNS filters. 


° Chapter 2, “Managing IP Packet Filters”


This chapter describes the configuration parameters for the IP packet 
filter log and the standard IP packet filter log format. 
Advanced Configuration of IP Packet Filters


This chapter describes how to configure exceptions using FILTCFG to allow 
specific IP services through the Novell® BorderManager™ firewall when the 
action of the filters is to deny packets in the filter list. A server SET command 
to filter packets that have IP header options is also described. 

This chapter contains the following sections: 

° “Choosing between Stateful or Static Packet Filters”

° “Setting Up an HTTP Filter”

° “Setting Up an FTP Filter”

° “Setting Up a Telnet Filter”

° “Setting Up an SMTP Filter”

° “Setting Up a POP3 Filter”

° “Setting Up a DNS Filter”

° “Filtering IP Packets that Use the IP Header Options Field”


Choosing between Stateful or Static Packet Filters 


Stateful packet filters are more secure because they allow only the packets in 
response to requests to pass through the firewall. For this reason, the 
procedures in this chapter describe how to configure stateful packet filters. 
However, because static packet filters offer faster performance, a list of 
equivalent static filters is provided should you choose to configure them. 


If you choose to configure static filters for the TCP protocol, you should enable 
ACK bit filtering so that all inbound packets that do not have the TCP ACK bit 
set are dropped by the server. 
Setting Up an HTTP Filter 


You can set up an HTTP filter on your server’s public interface to filter HTTP 
packets in the inbound or outbound direction. An inbound HTTP filter might 
be required to allow public access to specific Web servers in your private 
network. An outbound HTTP filter might be required to allow certain users to 
bypass proxy services and connect directly to origin Web servers. 


This section contains the following tasks: 
° “Setting Up a Stateful HTTP Filter” 


° “Setting Up Static Filters for HTTP” 


Setting Up a Stateful HTTP Filter 


To set up a stateful HTTP filter exception, complete the following steps from 
the main FILTCFG menu: 


1. Select Configure TCP/IP Filters > Packet Forwarding Filters > 
Exceptions. 


2. Press Ins to define a new exception. 


3. If you are creating an inbound exception, do the following: 
3a. Specify <All Interfaces> for the Source Interface parameter. 


3b. Specify the server’s public interface for the Destination 
Interface parameter. 


3c. Press Enter for Packet Type and select www-http-st. 


Note The www-http-st packet type is for HTTP over TCP. This packet type will not 
work for HTTP over UDP. 


3d. If you want the server to forward HTTP packets from certain 
public hosts only, specify Host or Network for the Src Addr 
Type parameter and enter the IP address for the Src IP 
Address parameter; otherwise, leave the setting for Src Addr 
Type as Any Address. 

3e. If you want the server to forward HTTP packets addressed to 
certain private hosts only, specify Host or Network for the Dest 
Addr Type parameter and enter the IP address for the Dest IP 
Address parameter; otherwise, leave the setting for Dest Addr 
Type as Any Address. 

3f. Press Esc and select Yes to save the filter. 


4. If you are creating an outbound exception, do the following: 

4a. Specify the server’s private interface for the Source Interface 
parameter. 

4b. Specify the server’s public interface for the Destination 
Interface parameter. 

4c. Press Enter for Packet Type and select www-http-st. 

4d. If you want the server to forward HTTP packets from certain 
private hosts only, specify Host or Network for the Src Addr 
Type parameter and enter the IP address for the Src IP Address 
parameter; otherwise, leave the setting for Src Addr Type as 
Any Address. 

4e. If you want the server to forward HTTP packets addressed to 
certain public hosts only, specify Host or Network for the Dest 
Addr Type parameter and enter the IP address for the Dest IP 
Address parameter; otherwise, leave the setting for Dest Addr 
Type as Any Address. 

4f. Press Esc and select Yes to save the filter. 


Important The outbound stateful HTTP filter does not allow packets for Domain Name 
System (DNS) name resolution to be forwarded to a DNS server on the public 
network. DNS names in URLs cannot be resolved unless you set up a DNS filter. 
Refer to “Setting Up a DNS Filter” on page 11. 


Setting Up Static Filters for HTTP 


If you do not want to configure a stateful HTTP exception, you can create static 
filters instead. 


In the direction that HTTP requests will be sent, create one or both of the 
following static packet filter exceptions: 


° www-http (for HTTP over TCP) 

° www-http/udp (for HTTP over UDP) 


Most browsers are configured to use HTTP over TCP, but they can also use 
HTTP over UDP. If you support browsers using HTTP over UDP, you should 
create both filters. 


In the direction that HTTP responses will be sent, create one or both of the 
following static packet filter exceptions: 


° dynamic/tcp (for HTTP over TCP) 

° dynamic/udp (for HTTP over UDP) 


The exceptions you create depend on which exceptions you created for the 
opposite direction of packet flow. If you created exceptions for both www-http 
and www-http/udp, you should create filter exceptions for both dynamic/tcp 
and dynamic/udp. The dynamic port range is 1024 to 65,535. 


Important These filters do not allow packets for DNS name resolution to be forwarded. To 
set up a DNS filter, refer to “Setting Up a DNS Filter” on page 11. 
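

The difference between the static exception pair described above (www-http outbound, dynamic/tcp inbound with ACK bit filtering) and a stateful exception such as www-http-st, as an added example that is not part of the Novell guide: a Python model of the forwarding decision for outbound HTTP over TCP. The class and function names, addresses and trace are constructed; it assumes dynamic/tcp matches on destination port and does not model connection teardown.

```python
from dataclasses import dataclass

HTTP_PORT = 80
DYNAMIC_PORTS = range(1024, 65536)  # dynamic port range stated in the guide


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = private to public, "in" = public to private
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # TCP flags set on the segment


def static_forward(pkt):
    """Static pair: www-http outbound, dynamic/tcp inbound with ACK bit filtering."""
    if pkt.direction == "out":
        return pkt.dport == HTTP_PORT
    # Assumption: dynamic/tcp matches any inbound destination port in the dynamic range.
    return pkt.dport in DYNAMIC_PORTS and "ACK" in pkt.flags


class StatefulHttpFilter:
    """Stateful exception: an inbound packet must belong to a recorded request."""

    def __init__(self):
        self.connections = set()

    def forward(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != HTTP_PORT:
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.connections.add(key)   # a private host opened a connection
            return key in self.connections
        # Inbound: forward only the reverse direction of a recorded connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


def tcp(direction, src, sport, dst, dport, *flags):
    return Packet(direction, src, sport, dst, dport, frozenset(flags))


# Constructed trace using documentation and private address ranges.
TRACE = [
    tcp("out", "10.0.0.5", 40000, "192.0.2.10", 80, "SYN"),
    tcp("in", "192.0.2.10", 80, "10.0.0.5", 40000, "SYN", "ACK"),
    tcp("out", "10.0.0.5", 40000, "192.0.2.10", 80, "ACK"),
    tcp("in", "198.51.100.7", 80, "10.0.0.5", 5000, "ACK"),  # answers no request
    tcp("in", "198.51.100.7", 80, "10.0.0.5", 5000, "SYN"),  # no ACK bit set
]


def compare(trace):
    """Return (static decision, stateful decision) for each packet in order."""
    stateful = StatefulHttpFilter()
    return [(static_forward(p), stateful.forward(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (static_ok, stateful_ok) in zip(TRACE, compare(TRACE)):
        print(pkt.direction, pkt.dport, sorted(pkt.flags),
              "static:", static_ok, "stateful:", stateful_ok)
```

The fourth packet is the case that separates the two: ACK bit filtering only checks a flag, so the static pair forwards it, while the stateful filter finds no matching request and drops it.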
Setting Up an FTP Filter 


You can set up an FTP filter on your server’s public interface to filter FTP 
packets in the inbound or outbound direction. An inbound FTP filter might be 
required if public users connect to an FTP server in your private network. An 
outbound FTP filter might be required to allow certain users to bypass proxy 
services and connect directly to FTP servers on the public network. 


When you set up an FTP filter, you can configure it to inspect for active FTP 
connections, passive FTP connections, or both. For tighter security, some 
administrators only allow active FTP connections in the inbound direction so 
the data connection is always on port 20. In contrast, passive FTP connections 
use any dynamic ports that are available. 

This section contains the following tasks: 


° “Setting Up a Stateful FTP Filter” 


° “Setting Up Static Filters for FTP” 


Setting Up a Stateful FTP Filter 


To set up a stateful FTP filter exception, complete the following steps from the 
main FILTCFG menu: 


1. Select Configure TCP/IP Filters > Packet Forwarding Filters > 
Exceptions. 


2. Press Ins to define a new exception. 


3. If you are creating an inbound exception, do the following: 

3a. Specify <All Interfaces> for the Source Interface parameter. 

3b. Specify the server’s public interface for the Destination 
Interface parameter. 

3c. Press Enter for Packet Type and select ftp-port-pasv-st. 

Note The packet type ftp-port-pasv-st allows both active and passive FTP 
connections. To allow active FTP connections only, select ftp-port-st. To allow 
passive FTP connections only, select ftp-pasv-st. 

3d. If you want the server to forward FTP packets from certain 
public hosts only, specify Host or Network for the Src Addr 
Type parameter and enter the IP address for the Src IP 
Address parameter; otherwise, leave the setting for Src Addr 
Type as Any Address. 

3e. If you want the server to forward FTP packets addressed to 
certain private hosts only, specify Host or Network for the Dest 
Addr Type parameter and enter the IP address for the Dest IP 
Address parameter; otherwise, leave the setting for Dest Addr 
Type as Any Address. 

3f. Press Esc and select Yes to save the filter. 


4. If you are creating an outbound exception, do the following: 

4a. Specify the server’s private interface for the Source Interface 
parameter. 

4b. Specify the server’s public interface for the Destination 
Interface parameter. 

4c. Press Enter for Packet Type and select ftp-port-pasv-st. 

Note The packet type ftp-port-pasv-st allows both active and passive FTP 
connections. To allow active FTP connections only, select ftp-port-st. To allow 
passive FTP connections only, select ftp-pasv-st. 

4d. If you want the server to forward FTP packets from certain 
private hosts only, specify Host or Network for the Src Addr 
Type parameter and enter the IP address for the Src IP 
Address parameter; otherwise, leave the setting for Src Addr 
Type as Any Address. 

4e. If you want the server to forward FTP packets addressed to 
certain public hosts only, specify Host or Network for the Dest 
Addr Type parameter and enter the IP address for the Dest IP 
Address parameter; otherwise, leave the setting for Dest Addr 
Type as Any Address. 

4f. Press Esc and select Yes to save the filter. 


Important The outbound stateful FTP filter does not allow packets for DNS name resolution 
to be forwarded to a DNS server on the public network. Users establishing an 
FTP connection to an FTP server must use the FTP server’s IP address unless 
you set up a DNS filter. Refer to “Setting Up a DNS Filter” on page 11. 
Setting Up Static Filters for FTP 


If you do not want to configure a stateful FTP exception, you can create static 
filters instead. 


To allow public hosts to establish active FTP connections to a server in the 
private network, configure the following inbound and outbound filter 
exceptions: 


° ftp (the control channel) 

° ftp-data (the data channel) 


If you want to allow users in your private network to establish passive FTP 
connections to public servers, configure additional filter exceptions for 
dynamic/tcp in both directions so dynamic ports can be used as the data channel 
instead of port 20. Enable ACK bit filtering for the dynamic/tcp exceptions. 


These filters do not allow users to establish FTP connections using the FTP 
server’s DNS name. A DNS filter is required. To set up a DNS filter, refer to 
“Setting Up a DNS Filter” on page 11. 


Setting Up a Telnet Filter 


You can set up a Telnet filter on your server’s public interface to filter Telnet 
packets in the inbound or outbound direction. An inbound Telnet filter might 
be required if public users establish Telnet sessions to a server in your private 
network. An outbound Telnet filter might be required to allow users to establish 
a Telnet session on the public network. 


This section contains the following tasks: 


° “Setting Up a Stateful Telnet Filter” 


° “Setting Up Static Filters for Telnet” 


Setting Up a Stateful Telnet Filter 


To set up a stateful Telnet filter exception, complete the following steps from 
the main FILTCFG menu: 


1. Select Configure TCP/IP Filters > Packet Forwarding Filters > 
Exceptions. 


2. Press Ins to define a new exception. 


3. If you are creating an inbound exception, do the following: 

3a. Specify <All Interfaces> for the Source Interface parameter. 

3b. Specify the server’s public interface for the Destination 
Interface parameter. 

3c. Press Enter for Packet Type and select telnet-st. 

3d. If you want the server to forward Telnet packets from certain 
public hosts only, specify Host or Network for the Src Addr 
Type parameter and enter the IP address for the Src IP 
Address parameter; otherwise, leave the setting for Src Addr 
Type as Any Address. 

3e. If you want the server to forward Telnet packets addressed to 
certain private hosts only, specify Host or Network for the Dest 
Addr Type parameter and enter the IP address for the Dest IP 
Address parameter; otherwise, leave the setting for Dest Addr 
Type as Any Address. 

3f. Press Esc and select Yes to save the filter. 


4. If you are creating an outbound exception, do the following: 

4a. Specify the server’s private interface for the Source Interface 
parameter. 

4b. Specify the server’s public interface for the Destination 
Interface parameter. 

4c. Press Enter for Packet Type and select telnet-st. 

4d. If you want the server to forward Telnet packets from certain 
private hosts only, specify Host or Network for the Src Addr 
Type parameter and enter the IP address for the Src IP 
Address parameter; otherwise, leave the setting for Src Addr 
Type as Any Address. 

4e. If you want the server to forward Telnet packets addressed to 
certain public hosts only, specify Host or Network for the Dest 
Addr Type parameter and enter the IP address for the Dest IP 
Address parameter; otherwise, leave the setting for Dest Addr 
Type as Any Address. 

4f. Press Esc and select Yes to save the filter. 


The outbound stateful Telnet filter does not allow packets for DNS name 
resolution to be forwarded to a DNS server on the public network. Users 
establishing a Telnet session must use IP addresses unless you set up a DNS 
filter. Refer to “Setting Up a DNS Filter” on page 11. 
Setting Up Static Filters for Telnet 


If you do not want to configure a stateful Telnet exception, you can create static 
filters instead. Simply create a static Telnet filter exception in both the inbound 
and outbound directions. Make sure you enable ACK bit filtering for the 
exception in the inbound direction. 


These filters do not allow users to establish Telnet sessions using a server’s 
DNS name. A DNS filter is required. To set up a DNS filter, refer to “Setting Up 
a DNS Filter” on page 11. 


Setting Up an SMTP Filter 


You can set up a Simple Mail Transfer Protocol (SMTP) exception on the 
server’s public interface to allow SMTP mail servers or SMTP gateways in 
your private network to send and receive mail through the Novell® 
BorderManager™ firewall. 


This section contains the following tasks: 


° “Setting Up a Stateful SMTP Filter” 


° “Setting Up Static Filters for SMTP” 


Setting Up a Stateful SMTP Filter 


To set up a stateful SMTP filter exception, complete the following steps from 
the main FILTCFG menu: 


1. Select Configure TCP/IP Filters > Packet Forwarding Filters > 
Exceptions. 


2. Press Ins to define a new exception. 


3. Specify the Source Interface by doing one of the following: 

3a. If you want private SMTP servers or gateways to be able to 
send mail through the firewall, specify the server’s private 
interface. 

3b. If you want public SMTP servers to be able to send mail to the 
SMTP server in your private network, and you have not 
enabled the Mail proxy, specify the server’s public interface. 


4. Specify the Destination Interface by doing one of the following: 

4a. If you want private SMTP servers or gateways to be able to 
send mail through the firewall, specify the server’s public 
interface. 

4b. If you want public SMTP servers to be able to send mail to the 
SMTP server in your private network, and you have not 
enabled the Mail proxy, specify the server’s private interface. 


5. Press Enter for Packet Type and select smtp-st. 

6. Press Esc and select Yes to save the filter. 


Important The outbound stateful SMTP filter does not allow domain names to be resolved 
by a DNS server on the public network. Refer to “Setting Up a DNS Filter” on 
page 11. 


Setting Up Static Filters for SMTP 


If you do not want to configure a stateful SMTP exception, you can create static 
filters instead. Simply create a static SMTP filter exception in both the inbound 
and outbound directions. Make sure you enable ACK bit filtering for the 
exception in the inbound direction. 


Important These filters do not forward requests for domain name resolution. A DNS filter 
is required. To set up a DNS filter, refer to “Setting Up a DNS Filter” on page 11. 


Setting Up a POP3 Filter 


You can set up a Post Office Protocol 3 (POP3) exception on the server’s public 
interface to allow public clients to access a private POP3 server behind the 
Novell® BorderManager™ firewall. 

This section contains the following tasks: 


° “Setting Up a Stateful POP3 Filter” 


° “Setting Up a Static POP3 Filter” 


Important These filters do not forward requests for domain name resolution by a DNS 
server in your private network. A DNS filter is required. To set up a DNS filter, 
refer to “Setting Up a DNS Filter” on page 11. 


Setting Up a Stateful POP3 Filter 


To set up a stateful POP3 filter exception, complete the following steps from 
the main FILTCFG menu: 


1. Select Configure TCP/IP Filters > Packet Forwarding Filters > 
Exceptions. 


2. Press Ins to define a new exception. 


3. Specify <All Interfaces> for the Source Interface parameter. 

4. Specify the server’s public interface for the Destination Interface 
parameter. 


5. If you want the server to forward mail from certain public hosts only, 
specify Host or Network for the Src Addr Type parameter and enter 
the IP address for the Src IP Address parameter; otherwise, leave 
the setting for Src Addr Type as Any Address. 

6. If you want the server to forward mail addressed to certain private 
hosts only, specify Host or Network for the Dest Addr Type 
parameter and enter the IP address for the Dest IP Address 
parameter; otherwise, leave the setting for Dest Addr Type as Any 
Address. 

7. Press Enter for Packet Type and select pop3-st. 


8. Press Esc and select Yes to save the filter. 


Setting Up a Static POP3 Filter 


If you do not want to configure a stateful POP3 exception, you can create a 
static filter instead. Make sure you enable ACK bit filtering for the exception 
in the inbound direction. 


Setting Up a DNS Filter 


TCP/IP connections to a server can be made by specifying the server’s IP 
address, but most servers, particularly those connected to the Internet, are 
accessed by their DNS names. 

This section contains the following tasks: 


° “Setting Up a Stateful DNS Filter” 


° “Setting Up Static Filters for DNS” 


Setting Up a Stateful DNS Filter 


To set up a stateful DNS exception to allow users to use DNS names to connect 
to servers accessed through the Novell® BorderManager™ server’s public 
interface, complete the following steps from the main FILTCFG menu: 


1. Select Configure TCP/IP Filters > Packet Forwarding Filters > 
Exceptions. 

2. Press Ins to define a new exception. 

3. Specify the server’s private interface for the Source Interface 
parameter. 

4. Specify the server’s public interface for the Destination Interface 
parameter. 

5. Press Enter for Packet Type and select dns/udp-st. 

6. Press Esc and select Yes to save the filter. 

Important If applications are configured to use DNS over TCP, you can also configure a 
stateful DNS exception for DNS over TCP. In Step 5, select the dns/tcp-st packet 
type instead of the dns/udp-st packet type. 


Setting Up Static Filters for DNS 


If you do not want to configure a stateful DNS exception, you can create static 
filters instead. 


In the direction that DNS queries will be sent, create the following static packet 
filter exception: 


dns/udp 


In the direction that DNS responses will be sent, create the following static 
packet filter exception: 


dynamic/udp 


Filtering IP Packets that Use the IP Header Options Field 


In addition to containing 32-bit source IP address and destination IP address 
fields, IP packets also contain an options field. This field can be used for the 
following purposes: 


° Security restrictions—United States Department of Defense (DoD) basic 
and extended security options to identify classification levels and 
security information. 


° Record route—List of IP addresses to identify each router that forwarded 
the packet. 


° Time stamp—List of IP addresses and time stamps to identify each 
router that forwarded the packet. 


° Source routing—List of IP addresses to which the packet must be routed. 


Although the NetWare® TCP/IP stack does not process these options, it can be 
a security risk to forward packets with these options specified. In particular, the 
source routing option can force all packets that are routed from your network 
to be forwarded to an untrustworthy host in the public network. 


When you install Novell® BorderManager™ firewall/caching services, a 
server SET command is automatically enabled to drop packets with IP header 
options enabled. 
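

An added example, not part of the Novell guide, of the check a filter of this kind performs: Python code that reads the IPv4 header length, walks the options field, and returns a drop decision for any header that carries options or is malformed. The function names and sample headers are constructed for illustration; the option type numbers are those assigned in RFC 791 and RFC 1108.

```python
import ipaddress
import struct

# IPv4 option types for the uses listed above, plus the two padding types.
OPTION_NAMES = {
    7: "Record Route",
    68: "Internet Timestamp",
    130: "Security",
    131: "Loose Source Routing",
    133: "Extended Security",
    137: "Strict Source Routing",
}


def build_header(options=b"", src="192.0.2.1", dst="198.51.100.2"):
    """Build a constructed IPv4 header; the checksum is left at 0 and not checked."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4                # header length in 32-bit words
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 6, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed)
    return fixed + options


def ip_options(header):
    """Return the names of the options in an IPv4 header, skipping padding."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (header[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(header):
        raise ValueError("bad header length")
    opts, found, i = header[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # No Operation (single byte)
            i += 1
            continue
        # Every other option carries a length byte covering type, length and data.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        found.append(OPTION_NAMES.get(kind, f"option {kind}"))
        i += opts[i + 1]
    return found


def filter_decision(header):
    """Drop any header that has an options field in use or cannot be parsed."""
    try:
        ip_options(header)
    except ValueError:
        return "drop"
    return "drop" if (header[0] & 0x0F) > 5 else "forward"


# Constructed sample headers.
PLAIN = build_header()
SOURCE_ROUTED = build_header(bytes([131, 7, 4]) + ipaddress.IPv4Address("203.0.113.9").packed)
RECORD_ROUTE = build_header(bytes([7, 7, 4, 0, 0, 0, 0]))
PADDING_ONLY = build_header(b"\x01\x01\x01\x01")
MALFORMED = build_header(bytes([7, 40, 4, 0]))   # length byte overruns the header

if __name__ == "__main__":
    for name in ("PLAIN", "SOURCE_ROUTED", "RECORD_ROUTE", "PADDING_ONLY", "MALFORMED"):
        print(name, filter_decision(globals()[name]))
```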


To view the current setting for your server, complete the following steps: 


1. At the server console, enter 


SET 


2. Select option 1 (Communications). 


3. Verify that the SET command displays as 


SET FILTER PACKETS WITH IP HEADER OPTIONS = ON 


It is best not to change the default setting, but under certain circumstances you 
might need to turn this setting off. For example, you could use the source 
routing option to specify the routers that must handle the traffic from your 
network. 
Because routers often do not support IP header options, be sure to verify the 
capability of your routers before disabling the filtering to perform such tests. 


To disable the filtering of packets that use IP header options from the server 
console, enter 


SET FILTER PACKETS WITH IP HEADER OPTIONS = OFF 


To reenable the filtering from the server console, enter 


SET FILTER PACKETS WITH IP HEADER OPTIONS = ON 


Managing IP Packet Filters 


This chapter describes how to manage Novell® BorderManager™ IP packet 
filters used as part of your firewall. It contains the following sections: 


° “Modifying Default IP Logging Parameters”

° “Viewing IP Packet Log Information”


Modifying Default IP Logging Parameters 


If global logging for IP has been enabled, IP packets are automatically logged 
to a text file located in the SYS:ETC\LOGS\IPPKTLOG directory on the 
server. The configuration file, SYS:ETC\IPPKTLOG.CFG, specifies the 
logging parameters. 


Important IP packets that match a specific packet filtering rule are not logged unless 
logging has been explicitly enabled for the filter. 


Refer to Table 2-1 on page 16 for the logging configuration parameters in 
IPPKTLOG.CFG. 


Table 2-1 IPPKTLOG.CFG Configuration Parameters 


Parameter: LOG_FILE_TYPE 
Default Value: 1 
Available Settings: 
1 = Sequential log file. 


Parameter: LOG_FILE_LOCATION 
Default Value: SYS:ETC\LOGS\IPPKTLOG 
Available Settings: 
Any directory. 


Parameter: LOG_FILE_ROLL_METHOD 
Default Value: 3 
Available Settings: 
1 = Roll log file every n hours, where n is the value assigned to 
LOG_FILE_ROLL_METHOD_VALUE. 
2 = Roll log file every n days, where n is the value assigned to 
LOG_FILE_ROLL_METHOD_VALUE. 
3 = Roll log file when the log file size exceeds n KB, where n is the value 
assigned to LOG_FILE_ROLL_METHOD_VALUE. 


Parameter: LOG_FILE_ROLL_METHOD_VALUE 
Default Value: 100 
Available Settings: 
Any value representing hours when LOG_FILE_ROLL_METHOD is 1. 
Any value representing days when LOG_FILE_ROLL_METHOD is 2. 
Any value representing KB when LOG_FILE_ROLL_METHOD is 3. 


Parameter: LOG_FILE_DELETE_METHOD 
Default Value: 
Available Settings: 
1 = Do not delete log files. 
2 = Begin deleting log files when the number of log files reaches the limit 
specified by LOG_FILE_DELETE_METHOD_VALUE. 
3 = Begin deleting log files when the age of the log files reaches n hours, 
where n is the value assigned to LOG_FILE_DELETE_METHOD_VALUE. 


Parameter: LOG_FILE_DELETE_METHOD_VALUE 
Default Value: 512 
Available Settings: 
Any value representing the number of files when LOG_FILE_DELETE_METHOD is 2. 
Any value representing the number of hours when LOG_FILE_DELETE_METHOD is 
assigned a value of 3. The value assigned should be greater than 
LOG_FILE_ROLL_METHOD_VALUE if LOG_FILE_ROLL_METHOD is assigned a value of 1. 


Parameter: LOG_CACHE_BUFFER_SIZE 
Default Value: 80 
Available Settings: 
Any value representing the size in KB. The value assigned should not exceed 
the available memory on the server. 


Parameter: DATE_TIME_FORMAT 
Default Value: 
Available Settings: 
1 = Do not insert a date and time stamp for each entry to the log file. 
2 = Insert a date and time stamp for each entry to the log file. The date and 
time have the format of MM/DD/YYYY, HH:MM:SS +/- TimeZoneOffset, where MM is 
the month, DD is the day, and YYYY is the year. 

If global logging for IP has been enabled, the Novell® BorderManager™ server 
is also configured by default to shut down the public interface when logging 
fails to occur. A logging failure can occur when the server experiences a 
shortage of disk space. If you want to disable the automatic shutdown of the 
public interface when logging fails, at the server console enter 


SET SHUTDOWN PUBLIC INTERFACE ON LOG FAILURE = OFF 


To reenable the automatic shutdown of the public interface, enter 


SET SHUTDOWN PUBLIC INTERFACE ON LOG FAILURE = ON 


Viewing IP Packet Log Information 


The IP packet filter logs stored in the SYS:ETC\LOGS\IPPKTLOG directory 
can be viewed with any text editor. Because the log file conforms to the 
Microsoft* standard format, the data in the log file can be imported by most 
third-party applications for analysis. 

Each entry in the log file contains the following fields: 

° Date 

° Time 

° Source IP Address 

° Destination IP Address 

° Protocol 

° Source Port 

° Destination Port 

° TCP Flags 

° Access—1 indicates accept; 0 indicates deny 

° IP Header 

° IP Payload 


Note A dash (-) appearing in any of the fields indicates that the information was 
unavailable or did not apply to the type of packet that was logged. 